Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
The Limits of Global Scanning Worm Detectors in the Presence of Background Noise
 

Summary: The Limits of Global Scanning Worm Detectors
in the Presence of Background Noise
David W. Richardson, Steven D. Gribble, and Edward D. Lazowska
Department of Computer Science & Engineering, University of Washington
{daverich,gribble,lazowska}@cs.washington.edu
ABSTRACT
Internet worms cause billions of dollars in damage each year.
To combat them, researchers have been exploring global
worm detection systems to spot a new random scanning
worm outbreak quickly. These systems passively listen for
worm probes on unused IP addresses, looking for anomalous
increases in probe traffic to distinguish the emergence of a
new worm from background Internet noise.
In this paper, we use analytic modeling, simulation, and
measurement to understand how background noise impacts
the detection ability of global scanning worm detectors. We
investigate the relationship between the average background
noise level, the number of IP addresses monitored, and the
detection latency for two classes of global scanning worm de-
tectors: scan packet-based and victims-based schemes. Our

  

Source: Anderson, Richard - Department of Computer Science and Engineering, University of Washington at Seattle

 

Collections: Computer Technologies and Information Sciences